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Method and system f«r- t,= -« 

ayacem for performing a transaction and fnr n e . 

-, fication of legitimate uaa or di - d a - a 

The present invention relates r n ^ ^ ^ 

At present, numerous transar-t-i ™» ~ . 
10 electronic Mans ln ™ „ " * 

— a-*. „ hich each ot jrr ztzziTi r ld to 

to reach desired transactions exch »"^n 3 data and infarction 

digital information mav he „ * 0pyri #*< *« example. However, 

to be able to track anv oth. " Party ' ° r " 

transaction a ZTlJTlZ/ T " « the 

is known to use paralaTl::;^: "* P^ses, lt 

-nation ^ara^r^ £ "™ 
25 a specific user. However u« f „„ * ° nly Rnown to 

networka U te the Intent 1 """"^ " en " fi "= — « public 

parson to do transactions I Par30n ' * naWin9 this 

problem arises r^T^TT^ * ^ " " 

30 possible to track the * transaction, it is not 

racK the re *l transaction oartna, 
identifier any hav , been used " « «. personal 

natwork. * molj - c i<>'>s user of tha public 

for a mora aecura transaction it >,„. - 
Patent application Bo. 1 219 oaB „ ^ »">W»* i» European 

35 transaction server cos-prisin/p o^of TT ^ 

-a tranaactjon server varirias ^Z^^T""" ^"^ 
Parties by u=in g authentication data coT —action 

°n data comprising a table o£ 



data for verxfyin 9 , digital slgnature . The 

generated fr OT a random to*en U3ing , tol£en ~° £ 

randcn data corresponds to data collect*! fro™ „ 

c apital signature ori^in/f^te ZZ^Z^T 
> bem g different for every subseqU(mt vir^, 

aM th — — — r y 

aware is that the additional hardware © o a + v. 
-a ten reader, should be supplied tQ _ y p J - :±on 

i^rr an eieotconi ° — 

transaction party and a s,*™,,,* * a flrs t 

device operated L "1 f Tt pa "V an electronic 

perated by the first transaction partv Th. ,.=<■>„,. 
Providing authentication data in a memory or said el t < ^ 
which memory is inaccessible to an ooeZ ^^tronic device, 

electronic ■ operating system of the 

distal data fro» the aecon d transact ™ f ^T"^ 
transaction parry. tirst 

in a further aspect, the present invention provides a met h „ 
for performing a verification n ... Provides a method 

an electronic device 1" I ™° " f data on 

data in a m e,or y ^JT J^TT"" 

. , JL , a eiectr °mc device which memory is 

authentication data hein g llZZZ TJZZZ£Z' ^ 
soft ware, activating the authentication software^ ^1 . 

1", r 9 ""!^ ^ 1,16 **.* ProvLn, he 

d^tal suture to an application accessing di g ital J. ^ . 
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digital signature embedded therein- - 

In a further aspect the ■ <*fl*tal Signature. 

Performing said meth o d5 ^ >™ —ides syst e ms £or 

Without use of any additional hardware a ^ 
an electronic transaction may he identifie i^t^T * 
possi biliLy £or fraudulent use Qf ^ ^ --a ly no 

dxgitallysigned according to the • 

they are later" fdu&V to lu^al! " " ^ ~ if 

signature ma y uni^ 'J^T^ C^Y^ ^ 

received said digital data. * transaction party that 

Digital data digitally signed according to the present 
invention are stored in a storage medium o* a devic H 
authentication;, software :ixi« ta n ed «, haVln ' the 

^•--rdi^^Wt, -mature has been generated 

. ■■*:^ 1 > fte va H»entication l *data stored 4 n 
thereafter . e^d ,in thecal data to P T^ IT1 7 

reLerated <* ^ embedded signature with the 

regenerated sxgnature provides information whether , la , 

« rightfully installed on the device « ZT " 

the signatures are identical, the data 1 T 00mPar " 0n * W * «*« 

device, and, for exss.n,. * aoc "» ed "V the 

^tal dat 1Z ITT'ZZ T™ COmPriSSd ^ ~ ^ 
dgital data are" ^xTZZ^T^ *. 

rr-r— ~ — — ~ rr_ 

-^^^ Centntrr ~ ~ 
reference to the foTlo „ ba00n " b " tBr «—»*»«» by 



Fig. 1 illustrates a Cart of an i MtaUiUo „ method £or 
new device according to tho present invantion. 
2 illustrates a chart ox an inataiiation method for an 

Pio , T" n9 deViM a ° 00rdln9 t0 W«t invantion. 

"'9- 3 achematicaUy illuatratas a colter configuration 

having authentication software and an authentication 
Labia installed in the BIOS according to the present 
invention, 

10 Pig - 4 illust ~tes a chart of a method to generate a 

dlgltal signature from a random table 
Fig. 5 illustrates a chart of a method to generate a 

personal^ traceable distal file according to the 
present invention. 

Pig " 6 lTT eS a ° £ ^ 0£f " line a "^»^-tion of 

Pic 7 T ^ aCC ° rding t0 the Present invention. 
^ illustrates a chart of an on-line authentication or 

transaction method according to the present 

invention. 

Referring to Figs. 1, 2 and 4 - 7 - 
■ ^ 1 ' in the methods illust-r-at-^ 

211 7T iVe Fi9UrSS aCti ™ S " — are ir in a 

• ~ :: -d " Tzzzrr^' - - ~ 

^m .us. aotiona J^^TT^^Z^Z " 

qftmn . * necessary, as indicated in 

r K T* 3 " " r °" S ^ Pi9U " 8 - a« of data 

which , „. transferred through a suitafcia oonnaot f 

thereof, using ,n appropriate protocoi in a network connection. 

In this context, an installation method is to be understood - 
a method for installing sofLware .L t . unde «tood as 

a =.uii.»;are at some actors involved in H„ 
present method for enabling tracing end tracing of digital r ghts 
Further in this context, a new device relates to any electronic 

:^~ tSi ~ «<««^Wy location, e.,.\ C omP o , 
carver, prrnter. personal digital assistant, mobile telephone, which 
is being manufactured, or has been manufactured, but has not yet 
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been delivered to an end-user, whereas an existina a • 
-V electronic device containing a Basic In 0u t S T <° 
been delivered to an er1 H SyStem which has 

the end-user. " d ° r ^ been used by 

5 Referring to Pig. lf an i nstallation 

illustrated. The raethod Qf includea T * ±S 

^1. 3up P l ier , a trusted th±r g d p a a : t n y ClU a d ^ io 7 e aCt — ^ -do. 
and authentication software. The 7^1 »^~turer, a BIOS 

Physical entities, e a Mr ^ th±rd aCtors are 

table to another actor. generates and supplies a random 

A random Lable is defi h 

Alternatively, u.S Pat^nh a 6 as such - 

Y, u.i. Patent Application No. 5 354 nc,7 ^- , 
another merhod of orndnn^ , ^354,097 discloses 

« ot producing random numbers bv Qn H«,, 
randomly shaped material, such a a , optically scanning a 

two-dimensional pattern may be e 1™* mater±a1 ' 9 
0 . by transformation of a bit sll haS been fo —«* 

Application Ho. i r219 088 I ! d * SCl ° Sed in E »"Pe** Patent 
- r and omly shaped ^ " 

- T e . g . by using a ,^L^^~- - - 

rhe second column of Mo i 
5 third party (Tie) „ h)r . fc J relateo <=° actions of a trusted 

. 7 ,TT "' whicl1 ° a y be selected by the ran*™ 
•uppuer, a bios manufacturer and/or th. 

-rvice. The IT p 3 „ 63 . \ °* " W « 

other data, to be elucidated T ""*" ^ 

atrin, and other data used to ^ratTiT ' "* ^ Mt 

i= sent to the BI os manufacturer ^ bit 

authentication soflare iTa ^.T^™" 

by the MP in the B10s IOS a " d «*• Wt string supplied 

—rrrr: iT^r eios — • - - - 
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decryption code and enable the authentication software t-. h 
authentication table, which win then be encod gai al 7^ " 
a secure part of the device, oni y acce Ss ibie to ZZoT ^ 

The fifth column of Fig . 1 represents the action, -v. 
authentication software, which may be supplied T " 
supplier or by any other • h ^PP 1 *** by the random table 

atring i„ the bios ^ an authen J cati L tl ^ M * 

authentication table again and ^ .f^'.^" *" 

software stores and activates a dioItlT! 

generate a • digital-Signing algorithm to 

generate a session- or transaction-specilic dioit»i - 
authentication software preterm rL i^ a a / "* 

environment in the Bios or in » T operating 

inaccessible to the Zr! * "* " *»- 

ore to the operating system (OS) on the device 

device^r^th^ V" ~ - new 

Present i^ZZ^llTl ^ ^ ^ ™" 9 <" 
- comprising ^ 'l!: ~ ' ^ ^ ^ 

to cell 2. xhe numbers may he generate , 7 " 
^orithm. ^^V^T^ ~ ^ZTlT^ " 
No- 5,354 097 r-^H™ ^ m u.s. Patent Application 

'" , ' us "' random numbers mav be dadn^^ 
material, such as a n 0 n M deduced from a randomly shaped 

<*-■., sucn as a non-woven material. For exa™^ • 
material, fibers are arranged in » „ example ' ln a non- WO v e n 

MnH arranged in a random order due to the 

randomness or the production procesa. Prom the geometry or the 
fibers of the non-woven material numbers may be calculated r 
example, a number that may be calcula,-.,, oalculated. Tor 

two fibers in an ares of „ Cale » l ««0- «y be the a „g le between 

m an area of the material, or the number of fibers 
crossing an imaginary line, rhe calculated numbers wiu b e ^a d 
as the geometry of the material is random. Anothe a er«Jv. 
manner as disclosed in Eu „pean Patent Application »o T 2 l oes 
« couect random numbers is by transforming a bit string H 
two-dimensional pattern using an algorithm a / * 

this two-dimensional pattern a tabl T ^ £r ° m 

„, , . pattern a table of random numbers mav be 

calculated based on the geometry of the pattern. 
The random table sunni-i^y. »*.^ 
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i d r ply a r oco of non ™ materiai ° r ~t. 

ich the ttp ^ then —° « ~ — 

According to cell 4, . BI0S raanufacturec enlbed3 
authentication software ln tha ^ ^ £££ may 

be supply by the random taMe guppiie °«»are may 

manufacturer or supplied by a third party 

The authentication software preferably has its own unique 
serial number or software ID. Said uniaue number may be 
advantageously ployed in the installation method end in a track 
and trace method, as explained below. 

bit s r rthat ' aCC ° rdin9 *» «>e TTP generates , unigue 

tat strrng, „ the following way. P1 r St , according to cell a To 
TTP collects fixed data, such as a unigue aerial number , 0m l 
hardware device, a processor for exa^le, or the unigue software „ 
embedded in the authentication software in the previous step 

related to the specific Bros. The bit string, „ hloh wil1 bc 
generated from the fixed data, among others, is preferred to hev 
strong relation with the BXO, in which it is stoL" M TJZJ 
relation mares forging the bit string difficult. 

In the next step 6B, the- TTP «i 
received from «, « electa a random table previously 

Zll i SUPPli6r ' ° r ^ aerates a random 

table using a marker, such as a piece of , random 

a Mririftm a. P ° f non ~woven material or usincr 

a random two dimensional pattern g 

The thteedat EUrt , her 9anerat " " *• ~" «=. 

algorithm according to ceU ^ £ ~ ^HuT^ 
database according to cell 6e t-o^*-^ • 

rt aT . . together with the fixed data and the 

aata strxng, which were used to generate ifc . th@ 

The bit string is supplied to ^ ^ manufact ft 
m an encrypted n A dt^« ' preferably 

1,1, *w manufacturer embeds the bit strina 

like the authentication software in th» R rnc , strin ^' 

a1 . a.v,- . e ' in the BI °S according to cell 8 

At this p oint , a computer may be a »,«»hUH k • 

, , i y De assembled having a Bios which 

comprises authentication software and * kh 4. ■ 

re ^ a blt string. Thereafter, the 



= - abliah . wmKtlon ;; t : ::x r - - «- ««~*. to 

generate an authentication table The 
the TTP using th . fixed wMc ^ : s ^ e b ° iO.„t lfied by 

above. a ' " Mch " a ""i^e number as mentioned 

10 The connection with the ttp 

the «», but ^ also be tl t " J" Mt t0 b8 ^tiateo by 

which is e^ae d in . ^ * -thenticaticn software, 

application. The connection " * « -ty 

*>r a user or th , op? ^^^e """^ ' P °"^t* 

« procedure. • ■ the computer to interrupt the 

"hen a connection with the Tip ls e . t , tl( k 
authentication software sends ite ide„, » ' *** M ° S °* 

or the TTP acoordin3 t0 oeii 12 "^IT 0 " nUmb6r UP ° n 
repeat of the BI0S , the decrypt key "d 1 ' P ° S5ibly 
20 software usee the decrvot V * authentication 

authentication ItH £ ITT^ " " * « 

' BIOS according to ceil e. trl " 9 " Wch — — *W in th. 

Next, according to ceil ls 
by the authentication sc,„„_ ' """""cation table ia 

encoded 

«• table may be uncovered ,o , bv ! """^ a " authentication . 

authentication table would weaLm IT'; BnTOVeri " S °* ^ 

30 be decoded by the authentication aoftl " ^ then 

number. The Bios-specific number 2 be" T 

any ordinary encryption k ey incorporated ^Tj"^ ""*~ ~ 3 
The BIOS-specific number is sent ITT f ° r exa ^ 1 «- 

according to cell la after . ~ authentication software 

35 software according to cell I"*"** * r ° m th * authentication 
The installation in a new devi™ . 
20. The encoded authentication table is — to eel, 

1 st ° re <* m a secure part of 
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the mo., where it My Qnly ^ ^ 

operatic syatem. T „i, B . our . * by the BI0S net by the 

secure location in the davice " r L ! ' ^ ° th « 

Part o £ . hard drive or . ^T' " ^ 3 — te 

= «. the o Pera t ins aratem , but : nl ; r ;; t h : h B «- .«--«. 

eoftvare, storing the authentication table " a "hentication 

further decreaaea the poaaibility „" ^ " * ^ 

table. 1 retrieval of the authentication 

10 enooj^aute^^r "bl7a' ""ware and an 

a databaae of a ^ZlZZ^T ^ ^ *» 

enable the „ to derate the aame i-fc^^^^. 

installed in i ts B t OS „ J authentication software 

£jxo5 r nor does -it- t-i 

stored in ita B IOS at the time a 1^"™** ^ 
Preaent invention ia needed Ior any tral ^ *° 
including , particular electron. °* pur P°ae, 

« tranaaction. Thua. co^ared to ! °* " ° n " Une 

are n.ceaaary in the above-deaorC -TIT 
the neceasary ao ft„are and authenticatto ^ " 
lu Fig. 2 thets aoJ -e. 

random tab!, aupplier, a itp \ .7"" rePr " 9nti "" ^ actora, . 

5 ^ — application. Compare! "Z'.ITTT^ »* * 

no actor in the inatallation method foe "aiufaoturer ia 

third party application ia i^^T"^ a 
application i s an on-line application V" 01 - third party 
line logical acceaa, or on-Une t * <° d ° — 

■ application reguaata a ZllT slZl'^' ' ^ P ^ 

which does not have the autnenJT ° m *** eXistln ' 

authentication table *h « I , ^ 
that the device inataUa th "1^7 * PP1± °*«°» therefore regueata 
continuing the tranaaotW -"ware first before 

According to cell 22 t-v,o 

-PP-e, a random table, aUlar To The tt- ~~ <" ~ 

in Fig. i. ' r t0 the act *°n according to cell 2 



According to coll oa ^ 

y ^ ^cii 24, a device havina a Pi-no 
authentication table an*/ «*ving a bios without an 

application, however ra mi , application. The third party 

= i_ tim . i::™:: :„;:r ioation — di *< * - 

the requesting device to the TTP to k! a PP"=«ion redireete 

-"ware and an authentication teMe 1 " 

The TTP generates and stores a bit . 
2*-2«. similar to celis 6A - 6B of ri B 1 » " a ° 00rdin9 * ^ 
» « collects rixed data, according to „ U ~" °" 

random ^er is seiected, and according to c el l 7c 2 " 3 

a data string. rtom these three data sets th. ™ "* SelSCtS 

string according to celi 26D and atore" ^ ^t ,t * "* 

data and the data strina ^ string, the fi xed 

- string is sent to Z llZZZZ " ^ "» «' 

authentication sorter., Zll^Z °" 
The authentication software - 

Part or the Bios which is V « ^ String are *> ut in a 

° wnicn xs accessible -t-r. fK A 

™- ng ^ cen 28A . Next , accord ; ng to t nrSTL~ 

*0 to reboot to store the authentication so^ and'th k ^ 
a secure parL or Lhe BIOS which is „ - *** the bit string in 

system WhlCh " not accessible for the operating 

At this point, the method con Hr,„. 
1» rig. X fr o* ceil lo and Tu th" Z, " "Crated 
25 "aving newly stored authonticnttT T ' ^ ^ 3 ° th * 

BIOS contacts the TTP agaL al r "* " to «• 

«» data string, according ro lx^r^ * """^ ^ f °' — 

According to cell 34, the deer™* l. ■ 
authentication software and to *° th ° 

30 the corresponding authentication table T 

the authentication aorcware verifiTtb I *" ^ 36 ' 

tenets BXOS-specific data Z 2*7 ^ ^ ^ 

authentication table again. enCryPt the 

«. ..hod is ^"r^rjtrr'r soft - in 

automation table is encrypted and JL^.I^Z^ the 
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Bios. Any data remaining in the operating . *«. 

<* the authentication data and JT m thC transf ^ 

d9ta *** aUth -tication software is deleted by 

"sing this installation method everv ,w w 
V of communicating with exte rna 7T hlr d " " * ^ " d 

have the authentication software and applicat ^ns may 

installed, for example . ^ 

personal digital' ^^^ U,ll * r * 
capabilities or any other h. • "unless communication 

10 above. ^ ° tber <leVlee ««ainin 9 a BIOS, as me „ tionetf 

When the software and the fr-hi- 

bios, Particular seasion3r track tn;:rj;r cti 3 y inataiieci ±n th * 

-ay be initiated and performed usin* 1 ^ ^^tian. 

signing method. * authe *tication and digital 

F±g " 3 schen "atlc a ily illustrate* 

—=e ^ th8 autnontic^;:: rr^rf 18 » -* . 

tabie installed. The device consists o^ aUth6ntlo «lo„ 
referred to an hardware tz Exm „,. J *" CM, P°"ents, commonly 
processor. . bard drive hardware components are a 

*U the hardware devila T~ TT ^ 3 " eyb ° ard - 
»« « ia a software pao^ * »» 

usually located on a main board, „ hich \" '^-""^ — «» (ROM,, 
components of an electronic device ** haId " ar * 

The BIOS 44 controls most of th. 4» 
= from one component to another Data """""^ <"> d flo„i ng 
component and addressed to another °* in,trUQtloM -«»ing from ono 
The Bios 44 may check whether the ilT thr ° U9h th9 BI0S «• 

component are allowed or not ^ nof *" ° tW 

for any other component. ' ""Wo™" ia accessible 

ancryp t rz «r y rc\:errr:r sy «• - - 

-» know, the encryption key 48 may ^ TV ^ 

The operating system 48 creates a run-tim. " 
user appll oati<)ni! . Therefore it mav „ environment for any 

system 48 is an interface between a uaeVaTLT V """"" 
«y instruct the operating system 48 to ^ * U3er 

the application 50 needs lata T " aPPlloa "=»> *>. If 

4 thit 5t °" d « <*. hard drive, the 
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application 50 requests the data from the OD6m h 

operating system 48 in *■„ operating system 48. The 

the J dw :: e 2 , : t ::r s r the dat * « 44 

— « pas S ^ h e ; h h LT /r; h r data comin * fro » th * 

5 before they arrive at th. operating system 48 

*" lv « at the requesting application t; n „• 
Protocol the Bios 44 May control the acL^bixLv , ° 
or hardware devices 42 and th„. ^ a=Cess:lb:lllt y »' certain data 
may prohibit, for exl T th " Partiml « -"ware. It 

Parte of a hard driver atart T^' ^ " <° ~"«« 
A console 5 2 I applications. 

tha computer „i^ 2T^T?.' " hi ° h ^ « 
portent role at Irt no oTtT " C ° nS ° le 52 « 

-« -ora, not onl y at startup ^ ~- - «aa 

i 44 aenda the error maaaaa., , "* 0 P°«tio„, the Bios 

-a oonaole b2 rL Jl^l"^™" 8 ^ «» — • 
uaer may not interrupt or l n „ st and-alone the computer. A 

from the CllZ ZTZ COna ° le l »"-«ona 

in or behind the oonaole 52, there i. . 
accessible to the „« „. Iha a.cu^ , "** 
and storage locations, ahi ch J Tr e P t ™~ 
system 48. That means that Ported to the operating 

that the applicationa ,7"""! ™ " *™ *~ 

and maybe even ™.i SC ° rage l °«tions ere 

present 

a hardware device 42 ^T^"^"^ "* 

recovery application S6 to handle Z' " ' 

-vice 42 recover, irom the error and ^ 

operation. T he operatin g J^^J^" 

that there was an error. Probably not even noticed 

to authentication table may be aecur.lv „»„ - . 
store,, location 60. m a „ ch a part „ f T ** 
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environment in the Bios 44 n,„ e ^ 

«*. U accessible to the ' Q h ; «-* authentication 

environment in the seCHre ' "ataUad in an application 
5 authentication tabie ZL t " «*. 

the device. ^ PaSSin3 tht ° U *> « unsecured part of 

Further, the digital ai™- 
• Part of the BI OS J^T^ " ^^"^ *» 

the authentication table in the S ° rlt,lm b * Protected l ike 

■0 U both become WoTO to a uaer th"" "° ra9e l00ati ° n 60 < b <"=«*° 
coital aignature. By locWn" the T* "* ^ t0 * 
authentication « rt JL^^.'" U -" le ««- «*• and the 
it, n,. including the digital 

in the aecure area S2 they are secured "Sning algorithm 

From one authentication table n .L 
5 »««ated. n 9 . : -*y^trai. a , r™tbTr <U » lt * 1 "*» be 
-.nature from an authentication ^a * 
different digital signs may be gene«ted D 

aigns for every action minimi ' H I * <"*"al 

-rgery and mariml 2 ea the abilit y t ttcTth" « 
copy. y 0 "ace the origin of an illegal 

"9- 4 aho-a two actors, a BIOS ,„H «. 
=o«„are. T „e authentication aof t^s 

according to cell «. Thete _ *» ^ata 

a fired component. „ hi cn is Identical f T reqUi " d - 
ai 9 nature is generated. Purtber. a "aril " * 
enables the method to generate a nuT component is used, which 

-ceable digital signs. A syst^ITl^ 
transaction ID al ^ component, e.g. a 

r als ° depends on the 
components make it virtual! v ■ lnstance - »-o variable 

-le f rom a number of ^^^1^ * 
Personal iden tification ^ ^ Optionally, . 

identify the user as <" N > or Password may be used to 

software is embedded. ° WiUch the authentication 

When all the required data i« colle + * 
-ftware hashes the collected data into t aUthentic *^°n 

^ Mt 3^ into a number r ing and transiates 

^ — the authentiLtxon tab, ° ^ ^ "" ^ 

atxon table is decrypted by the 
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BIOS according to cell 68. The pointer generated according to cell 
66 point to position., tn the authentication table. Using the 
pointers, the authentication software gathers a series of random 
numbers from the authentication table according to cell 70 
Thereafter, according to cell 72, the BIOS encrypts the 
authentication table again. Finally, the digital signature 
accompanied by the variable data components that were used to 
generate the digital signature are transferred to the requesting 
application according to cell 74. 

A digital signature generated according to the present 
invention may be used in vaxious ways. First, it may be used to 
track and trace digital flies. Second, it may be used off-line to 
prevent illegally copied software from being used and third, the 
digital signature may be used in on-line transactions and 
1 5 authent i ca t i on , 

Fig. 5 illustrates the track and trace method for digital 
files, information contained in a digital file may be protected by 

3 ri7° £ eXaMPle * S ° ftWaEe ' rilm8 ° r ™ SiC ~* b * ~ and 
dowmoaded from the Internet. However, s . c h digital files containing 

Protected information may be very easily illegally copied and spread 
without a trace of whom copied and spread the file. Adding a trace 
« the digital rile makes it possible to trace to origin of the 
illegal copy. Ri ghtful owners of 3uch a digital file, e.g. music 
file will therefore not spread the file, but they may use the file 
on different locations, for instance on their computer at home and 
on their portable digital player, e.g. MP3-player. 

According to cell 80, a third party application receives a 
request for a digital file, e .g. software or a music file. The third 
party application is intended to provide protected or traceable . 
digital files and may be any application adapted therefor. It may he 
an on-lme application, for example. 

Then, according to cell 82, the third party application asks 
the requesting device if the authentication software is installed 
and running. According to cell 84, the BIOS responds, if the 
authentication software is not installed or running, the device is 
rerouted to a trusted third party to download and install the 
software according to cell 24 of Fig. 2. 
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CIAIMS 

1. Method for performing an electronic transaction between a first 
transaction party and a second transaction party using an electronic 

5 device operated by the first transaction party, the method 
comprising: 

providing authentication data in a memory of said electronic 
device which memory is inaccessible to an operating system of the 
electronic device; 

10 providing authentication software in said electronic device, the 

authentication data being accessible to said authentication 
software; 

activating the authentication software to generate a digital 
signature from the authentication data; 
15 providing the digital signature to the second transaction party; 

and 

providing digital data from the second transaction party to the 
first transaction party. 

2. Method according to claim 1, wherein the digital signature is 
20 different for each transaction. 

3. Method for performing a verification of legitimate use of digital 
data on an electronic device, the method comprising: 

providing authentication data in a memory of said electronic 
device which memory is inaccessible to an operating system of the 
25 electronic device; 

providing authentication software in said electronic device, the 
authentication data being accessible to said authentication 
software; 

activating the authentication software to regenerate a digital 
30 signature from the authentication data; 

providing the digital signature Lo the BIOS by an application 
accessing digital data having a digital signature embedded therein; 
and 

comparing the regenerated digital signature with the embedded 
35 digital signature. 
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4. Method according to any of the preceding claimS/ wherein ^ 
authentication data are provided in a Basic Input-Output System 
(BIOS) of the electronic device. 

5. Method according Lo any of the preceding claims, wherein the 
authentication data are encrypted using an encryption key 

S. Method according to claim 5, wherein the authentication software 
retrieves a decryption key associated with the encryption Jcey and 
decrypts the authentication data at its first use. 

7. Method according to any of the preceding claims, wherein the 
authentication data comprise an authentication table 

8. Method according to claim 7, wherein the authentication table is 
generated from a bit string which is generated from fixed data and 
variable data. 

9. Method according to claim 8, wherein the fixed data are stored in 
the BIOS. 

10. Method according to claim 8 or 9, wherein the fixed data, are at 
least part of a serial number of a hardware device 

11. Method according to claim 8 or 9, wherein the fixed daLa ace ah 
least part of a device specific software identification code of the 
authentication software. 

12. Method according to claim 8, wherein the variable data comprise a 
random table. 

13. Method according to claim 12, wherein the random table is 
calculated from a random two-dimensional pattern 

14. Method according to any of claims 8 - 13, wherein the 
authentication table is generated from fixed data, variable data and 
a bxt string specific to a trusted third party, providing the 
authentication data. 

15. Method according to any of the preceding claims, wherein the 
authentication software is stored in a S ecure memory location 
inaccessible to the operating system. 

16. M ethod according to any of the preceding claims, wherein the 
authentication software is run in a secure operating environment 
inaccessible to the operating system. 

17. Method according to any of the preceding claims, wherein the 
authentication software encrypts the authentication data, when it 



stores the authentication data, and decrypts the authentication data 
when it generates a digital signature. 

18 ; Method according to claim 17, wherein the encryption is performed 
usxng a BIOS specific .encryption key, and the decryption is 
performed using a BIOS specific decryption key associated with said 
encryption key. 

19. Method according to any of claims 1, 2 and 4 - 18, wherein the 
second transaction party embeds the digital signature in digital 
data it supplies to the first transaction party. 

20. Method according to any of claims 1, 2 and 4 - 19, wherein the 
second transaction party stores the digital aignaLure Logether wiLh 
data identifying the first transaction party. 

21. Method according to any of claims 1, 2 and 4 - 20, wherein the 
authentication data are provided by the second transaction party 
which stores the authentication data together with data identifying 
the first transaction party. 

. 22. Method according to claim 21, wherein a transaction party 
specific authentication table is deduced from the stored 
authentication table according to a specific algorithm. 

23. Method according to claim 21 or 22, wherein the second 
transaction party verifies the digital signature of the first 
transaction party using the authentication data stored at the second 
transaction party. 

24. system for performing an electronic transaction between a first 
transaction party and a second transaction using an electronic 
device operated by the first transaction party, the system 
comprising: 

means for providing authentication data in a memory of said 
electronic device which memory is inaccessible to an operating 
system of the electronic device; 

means for providing authentication software in said electronic 
device, the authentication data being accessible to said 
authentication software; 

_ means for activating the authentication software to generate a 
digital signature from the authentication data; 

means fo^ providing the digital signature to the second 
transaction party; and 
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maana for providing aigital data , rom ^ , 
party to t„, f i rst transaction party. 

Mjy-t- for parking a variation or lagiti^ata usa or digital 
data on an alactronic device, the ayateo, co,„pri 3 i„ g: 

.naana for providing authantioation data in , memory of said 
aiaotronic davica which memory ia inacceseihle to ,„ oparating 
system of tha alactronic davice; 

mcana for providing authantioation software in aaid alactronic 
davrca, tha authantioation data being acceasiMe to aaid 
authentication software; 

dicTT : Ct±Vating thS -thentication software to generate a 

digital signature from the authentication data; 

means for providing the digital signature to the BIOS by an 
applxcation accessing digital data having a digital signature 
embedded therein; and ff 

means for comparing the regenerated digital signature with the 
embedded digital signature. hS 
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